Skype for Business Server 2015 December 2017 Cumulative Update–Lots of fixes and Improvements

Just noticed this morning on twitter thanks to Michael LaMontagne there’s a new December 2017 Cumulative update released for Skype for Business Server 2015 !

image

Its been a good while since the last CU was released which i think was May 2017 so this CU has a huge amount of improvements and fixes in, there’s even a fix for the VIS role which surprised me a lot. I think this makes this CU6 for SfB Server 2015 now.

It mentions this update enables Location-Based Routing to support the Skype for Business mobile clients which is very interesting as this is what was listed in the May 2017 CU.

There FIPS support, adding of HTTP strict transport security, Mac, VIS, P chat, meeting url searchable by search engines and lot more ill try and give a quick summary on some of the highlights but definitely recommend checking all the fixes and improvements out.

A very quick summary

  • Quite alot of Updates for the SfB Mac client which also had a recent December CU as well.
  • Fixes for restricting external SfB Mac clients
  • Looks like this is required to enable peer to peer file transfer for SfB Mac Clients
  • E911 is mentioned again with a fix for the Mac client so very important fix here as incorrect location information could be given
  • Strict-Transport-Security header to the path of all web service responses nice to see this. This protect websites against protocol downgrade attacks and cookie hijacking More info on this here https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
  • Fix for the May 2017 .NET Framework update which i saw a few customers with this issue
  • Fix for enabling SfB Server with Federal Information Processing Standard (FIPS) guidelines – https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards
  • VIS fix with Cisco endpoints – Someone out there is using VIS
  • Persistent chat fixes
  • SRS and Surface Hub fixes
  • Meeting URLs searchable in search engine results – I have seen this one so great to see this fixed.
  • Fix if Firefox 52 or a later is your default browser

Version – 9319.510

Download Link

https://www.microsoft.com/en-us/download/details.aspx?id=47690

Improvements / Fixes

This update enables Location-Based Routing to support the Skype for Business mobile clients.

Improvements / Fixes Symptom / Cause
  • 4043636 Skype for Business on Mac can’t retrieve meeting information in Skype for Business Server 2015
If you set the AllowExchangeConnectivity attribute for the mobility policy to false in Microsoft Skype for Business Server 2015, Skype for Business on Mac clients can’t retrieve meeting information through the Exchange Web Services (EWS) connection to the Exchange server.

This issue occurs because the Unified Communications Web API (UCWA) module in Skype for Business Front End server doesn’t implement this feature.

  • 4043634 Sign-in dialog box is always displayed when you try to access external web services in Skype for Business Server 2015
Assume that you enable the passive authentication for the web services of the Front End Server pool in Microsoft Skype for Business Server 2015. When you use the Skype for Business client to access the external web services, a credential prompt (sign-in dialog box) is displayed even if the NTLM authentication protocol is disabled.
  • 4043638 Incorrect format of location information about an E911 call from Skype for Business on Mac
Assume that you have installed the latest updates for Skype for Business Server 2015. When you make an E911 (enhanced 911) call in Skype for Business on Mac, the call is connected to the E911 call center. However, the received location information is in an incorrect format.
  • 4043641 Update to add a Strict-Transport-Security header to the path of all web service responses in Skype for Business Server 2015
The update includes a Strict-Transport-Security header in the path of all web service (HTTP) responses in Microsoft Skype for Business Server 2015. HTTP Strict Transport Security (HSTS) is an Internet Engineering Task Force (IETF) standard-compliant security feature in the header to help users connect to secure sites in a secure way, and prevent some attacks.
  • 4043637 Update to enable Skype for Business on Mac to restrict external access in Skype for Business Server 2015
After you install this update, you can run the following cmdlets for Microsoft Skype for Business on Mac users to restrict external access globally or on a per-user basis in a Microsoft Skype for Business Server 2015 environment:

  • Globally

    Set-CsPlatformServiceSettings -EnableExternalAccessCheck $false

  • On a per-user basis

    Set-CsExternalAccessPolicy -EnableOutsideAccess $false

  • 4043633 Synthetic transactions fail after installing February 2017 update for Skype for Business Server 2015
After you install February 2017 update for Skype for Business Server 2015 (build 6.0.9319.277), synthetic transactions don’t work as expected. For example, when you run the Test-CsUcwaConference (UcwaConference) cmdlet, you receive the following error message:

Error Message: Failed creating application activity.

Inner Exception: Method not found:

‘System.Threading.Tasks.Task`1

<Microsoft.Rtc.Internal.

Ucwa.ClientModel.Interfaces.IHttpResult>

Microsoft.Rtc.Internal.

Ucwa.ClientModel.Interfaces.

IMeService.MakeMeAvailableAsync(Microsoft.Rtc.Internal.Ucwa.ClientModel.

ApplicationSignInProperties)’.

  • 4043635 You cannot sign in Web Scheduler in Skype for Business Server 2015
This issue occurs because the origin header isn’t handled correctly.
  • 4036633 “We can’t sign you in because you aren’t set up to use Skype for Business” error in Skype for Business Server 2015
Consider the following scenario:

  • You run the Set-CsPlatformServiceSettings cmdlet to set the value of the enableExternalAccessCheck parameter to true in Microsoft Skype for Business Server 2015.
  • You run the Set-CsExternalAccessPolicy cmdlet to set the value of the EnableOutsideAccess parameter to false per user.

In this scenario, when you try to sign in to Unified Communications Web API (UCWA) clients, you receive the following error message:

We can’t sign you in because you aren’t set up to use Skype for Business. Please contact your support team

After you apply this update, you receive the following error message:

Your account does not allow access from outside your organization’s network. Please contact your organization’s network and then try signing in

  • 4036631 Can’t join an application sharing session of meeting in Skype for Business Server 2015 that has May 2017 update applied
Consider the following scenario:

  • You apply May 2017 cumulative update for Microsoft Skype for Business Server 2015.
  • Some Video-based Screen Sharing (VbSS) supported clients and legacy clients are in a Skype for Business meeting.

In this scenario, you might be unable to join the application sharing session of the meeting.

This issue occurs because Skype for Business Application Sharing Server (ASMCU) doesn’t include the rtcp-mux attribute in the Session Description Protocol (SDP) after the application sharing session is failed from VbSS to the remote desktop protocol (RDP) session.

  • 4036632 UCWA clients still can sign in from external networks when the external access is disabled in Skype for Business Server 2015
Consider the following scenario:

  • You run the Set-CsExternalAccessPolicy cmdlet to set the value of the EnableOutsideAccess parameter to false in Microsoft Skype for Business Server 2015.
  • Users are using Microsoft Skype for Business mobile apps and Microsoft Skype for Business on Mac clients.

In this scenario, Unified Communications Web API (UCWA) clients still can sign in from external networks even if the external access setting is disabled by the policy.

  • 4036630 Can’t schedule or join a meeting after you apply May 2017 Cumulative Update for Skype for Business Server 2015
Consider the following scenario:

  • You apply May 2017 Cumulative Update for Microsoft Skype for Business Server 2015.
  • The version of .Net Framework that’s installed on the Skype for Business Server 2015 Front-End Server is less than 4.6.2.
  • You enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security setting on the Front-end Server.

In this scenario, you can’t schedule or join a meeting by using the Meet Now option or Outlook Skype Meeting add-in.

This issue occurs because Meeting functionality dependency: SHA256 Managed implementation is incompatible with Federal Information Processing Standard (FIPS) guidelines in Cumulative Update 5.

  • 4036625 Enables the peer-to-peer file transfer feature for Skype for Business on Mac clients in Skype for Business Server 2015
  • 4036627 Event ID 16385 floods in Skype for Business Server 2015 Director pools
You may find that the following event fills up Windows Fabric event logs in Microsoft Skype for Business Server 2015 Director pools:

Log Name: Microsoft-Windows-WindowsFabric/Admin

Source: Microsoft-Windows-WindowsFabric

Date: Date/Time

Event ID: 16385

Task Category: Reliability

Level: Warning

Keywords: Default

User: NETWORK SERVICE

Computer: computer-FQDN NAME

Description: FM resolving failed with FABRIC_E_PARTITION_NOT_FOUND Event Xml

 

This issue occurs because the Windows Fabric cluster isn’t set up properly in Skype for Business Server 2015 Director pools that have more than two servers.

  • 4023993 LS Data MCU events 41024, 41025 and 41026 are constantly generated after you install the May 2017 .NET Framework update
Consider the following scenario:

  • You deploy Microsoft Lync Server 2010, Microsoft Lync Server 2013, or Microsoft Skype for Business Server 2015.
  • The Microsoft .NET Framework 4.5.2 or a later version is installed (Lync Server 2013 or Skype for Business Server 2015).
  • You install the May 2017 .NET Framework Security and Quality Rollup.

In this scenario, you experience the following symptoms:

  • Web Applications users cannot use some features such as PowerPoint presentations, Q&A sites, and whiteboard sharing.
  • Shared Object Messaging (PSOM) protocol connectivity with Microsoft Edge fails.
  • External users cannot use such features as PowerPoint presentations, Q&A pages, or Whiteboard sharing.
  • The Lync Server 2010, Lync Server 2013, or Skype for Business Server 2015 Front End server generates the following LS Data MCU event 41026 error.

    Note The Front End server alternatingly generates this event and event 41025. Event 41025 states that connectivity has succeeded.

    Log Name: Lync Server
    Source: LS Data MCU
    Date: Date/Time
    Event ID: 41024
    Task Category: (1018)
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: FrontEnd-computer-FQDN
    Description:
    No connectivity with one of the Web Conferencing Edge Servers.
    Edge Server Machine FQDN: Edge-computer-FQDN, Port:XXXX
    If the problem persists this event will be logged again after 20 minutes
    Cause: Service may be unavailable or Network connectivity may have been compromised.

    Log Name: Lync Server
    Source: LS Data MCU
    Date: Date/Time
    Event ID: 41025
    Task Category: (1018)
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: FrontEnd-computer-FQDN
    Description:
    Connection to the Web Conferencing Edge Server has succeeded
    Edge Server Machine FQDN: Edge-computer-FQDN, Port:XXXX

    Log Name:      Lync Server
    Source:        LS Data MCU
    Date:          date time
    Event ID:      41026
    Task Category: (1018)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      frontend1.contoso.com
    Description:
    No connectivity with any of Web Conferencing Edge Servers. External Lync clients cannot use Web Conferencing modality.
    Cause: Service may be unavailable or Network connectivity may have been compromised.
    Resolution:
    Verify all Web Conferencing Edge Services in the topology are running, and network connectivity is available.

  • 4036621 Mid-call control like “Stop my video” fails if a call occurs from a VTC endpoint in Skype for Business Server 2015
Consider the following scenario:

  • You integrate Video Interop Server (VIS) with Cisco Unified Communication Manager (CUCM) in a Microsoft Skype for Business Server 2015 environment.
  • You use a Cisco teleconferencing system (VTC) endpoint, such as SX20 to make a call to a Skype for Business client.
  • An Audio/Video call is established between the endpoint and the client.

In this scenario, after some seconds, when the Skype for Business client makes some mid-call controls, such as clicking stop my video or start my video, or both options, the call is dropped.

This issue occurs because after Skype for Business client answers an incoming call from Cisco VTC endpoint, VIS keeps sending INVITEs request to Cisco VTC or CUCM every second. However, Cisco VTC endpoint starts to reply 503 service unavailable from the 24th INVITE onwards. Therefore, VIS drops both legs of the call when Skype for Business client does a mid-call control operation.

  • 4036622 “ONLINE_USER_COUNT_SETTING is immutable” error occurs if you manage chat user roles with BeginAddUsersOrGroupsToRole
Consider the following scenario:

  • You are a developer in a Microsoft Skype for Business Server 2015 environment.
  • You use Persistent Chat Software Development Kit (SDK) to manage user roles in a chat room by invoking BeginAddUsersOrGroupsToRole method.

In this scenario, the method call may fail, and you receive the following error message:

NodeSetting.ONLINE_USER_COUNT_SETTING is immutable

 

This issue occurs because room search command tries to set a parameter value that’s an external read-only field

  • 4036623 “Action couldn’t be completed” error when you upload a file to a persistent chat room in Skype for Business Server 2015
When you try to upload a file that has no English characters included in the file name to a persistent chat room in a Microsoft Skype for Business Server 2015 environment, other members in the room cannot see the file, and you receive the following error message:

The action couldn’t be completed. Please try again later.

 

This issue occurs because the program cannot convert the file name that’s encoded by UTF-8.

  • 4036615 Sets the default value of the “EnableDelegateManagement” attribute to “true” in Skype for Business Server 2015
Assume that you have installed KB 4015893, but have not run the Set-CsPlatformServiceSettings cmdlet to set the EnableDelegateManagement attribute to true. In this situation, installing this update will automatically set the value to true. This means that you enable the delegate management feature.
  • 4036614 “From number” is missing in the Peer-to-Peer Session Detail Report when you dial a PSTN number in Skype for Business Server 2015
Assume that you use a Microsoft Skype for Business mobile client to dial a Public Switched Telephone Network (PSTN) number in a Microsoft Skype for Business Server 2015 environment. When you view the Peer-to-Peer Session Detail Report, you find that the From number attribute is empty.

This issue occurs because the Microsoft Unified Communication Web API (UCWA) does not send TelNumber in P2PSessiondata.

  • 4036620 Can’t join meeting by using Skype for Business Room System or Surface Hub devices in Skype for Business Server 2015
Your end-users report that they can’t join a Skype for Business meeting, especially when they join the meeting by using Microsoft Business Room System or Surface Hub devices.

This issue occurs because all subsequent sign-in processes fail for these devices after a rare race condition occurs in Microsoft Skype for Business Server 2015 Front End service.

  • 4036618 Meeting URLs are visible in search results of a search engine in Skype for Business Server 2015
Consider the following scenario in a Microsoft Skype for Business Server 2015 environment:

  • You schedule a Microsoft Skype for Business meeting.
  • The meeting URL is posted somewhere publicly online.

In this scenario, when you search for “Skype for Business Web App” in search engines such as Google, Bing or Yahoo, you can see the meeting URL publicly.

Additionally, other people can join the meeting randomly if you enable the anonymous meeting join feature.

This issue occurs because search engines browse the public site, see the meet.lync.com URL, then crawl it, and index it into the search engines.

  • 4036619 Lync or Skype for Business client can’t be started to join meeting if default browser is Firefox 52 or a later version
Assume that the default browser is Firefox and its version is greater than or equal to 52. When you try to click a Skype for Business meeting link to join the meeting that’s created at an on-premises server, the Skype for Business web client is opened to join the meeting instead of the Skype for Business desktop client.

This issue occurs because the Netscape Plugin Application Programming Interface (NPAPI) plugin is deprecated in Firefox 52 or a later version. NPAPI is currently used as part of the client detection process for the Lync or Skype for Business client when you join a meeting by clicking a link. When NPAPI is disabled, the webpage can’t determine whether you have the client installed.

  • 4036612 Event Id 53530 is logged and connection to SQL database is lost in Skype for Business Server 2015 Persistent Chat Server
When you use Microsoft Skype for Business Server 2015 Persistent Chat Server, you may receive the following event:

Time: Date/Time

ID: 53530

Level: Error

Source: LS Persistent Chat Server

Machine: ServerName

Message: The Persistent Chat database connection was lost.

The Skype for Business Server 2015, Persistent Chat lost connection to the database using connection string:

Data Source=sql.contoso.com;Initial Catalog=mgc;Integrated Security=SSPI;

Cause: An unexpected error occurred that caused the loss of the Persistent Chat database connection.

Resolution:

Check the state of the database.

 

This issue occurs because the procProcessADUpdates stored procedure takes more than 30 seconds to run. Default Skype for Business Server 2015 Persistent Chat Servertime-out is 30 seconds so that the stored procedure execution will be aborted.

  • 4036617 User move fails and many SIP messages are queued after you apply August 2016 update for Skype for Business Server 2015
Consider the following scenario in a Microsoft Skype for Business Server 2015 environment:

In this scenario, the user move fails. Additionally, you see many SIP messages are queued on Front-End servers.

This issue occurs because of a failure in the RtcUpdateResourceAttributes stored procedure that’s caused by time-out.

 

CU Installer Pre reqs

On the install notes it does mention to apply this update, you must have Microsoft .NET Framework 4.5.2 (Offline Installer or Web Installer) installed.

 

Unfortunately i cant install this CU in my lab as my lab is boxed up and in storage as were in the process of moving house. Should of had my lab in Azure lol

References

Download

https://www.microsoft.com/en-us/download/confirmation.aspx?id=47690

SfB Server 2015 Updates

https://support.microsoft.com/en-us/help/3061064/updates-for-skype-for-business-server-2015

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.